Windows 7 Kernel Enhancements

I found this to be an interesting article. I was really interested in the part about Heap Shimming via Fault Tolerant Heap (FTH). Of course my first thought was: cool, how do you get a list of apps that this is being applied to? Up until today I had only found a command to clear the list of all apps and the event log showing events for the interceptions.

Looks like the apps that are being shimmed are maintained in the registry (of course ;o) at hklm\software\microsoft\fth\state. This is easy enough to script, so enterprise customers who want an idea of which apps in their environment are having heap corruption issues, but who aren’t monitoring the event logs on the clients (does anyone do this???), can get the info.
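A sketch of such a script, added here as an example and not taken from the article or from Microsoft: it reads the value names under the key above on the local machine or on a list of clients. The function name `Get-FthTrackedApp` is hypothetical, and it assumes each value name under the key identifies one tracked application and that remote clients have the Remote Registry service running and grant you read access.

```powershell
# Added example: list the applications recorded under the FTH state key.
# Assumption: each value name under the key identifies one tracked application;
# the value data is treated as opaque and is not parsed.
# On a 64-bit client, run this from 64-bit PowerShell so HKLM\SOFTWARE is not redirected.
function Get-FthTrackedApp {
    param(
        [string[]]$ComputerName = @('')   # '' means the local machine
    )
    $subKey = 'SOFTWARE\Microsoft\FTH\State'
    foreach ($computer in $ComputerName) {
        $label = if ($computer) { $computer } else { $env:COMPUTERNAME }
        $hklm = $null
        $key  = $null
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $key = $hklm.OpenSubKey($subKey)   # opened read-only
            if ($null -eq $key) {
                # No state key: nothing has been recorded on this client.
                Write-Warning "$label : $subKey not present"
                continue
            }
            foreach ($name in $key.GetValueNames()) {
                if (-not $name) { continue }   # skip the unnamed default value
                New-Object PSObject -Property @{
                    ComputerName = $label
                    Application  = $name
                    ValueKind    = $key.GetValueKind($name)
                }
            }
        }
        catch {
            # Unreachable host, access denied, Remote Registry stopped, etc.
            Write-Warning "$label : $($_.Exception.Message)"
        }
        finally {
            if ($key)  { $key.Close() }
            if ($hklm) { $hklm.Close() }
        }
    }
}

# Local machine; pass -ComputerName with a list of clients for a fleet view.
Get-FthTrackedApp |
    Sort-Object ComputerName, Application |
    Format-Table ComputerName, Application, ValueKind -AutoSize
```

Piping the function's output to `Export-Csv` instead of `Format-Table` gives a per-client list that can be compared between runs.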